CVE-2017-20058 – elefant/cms

Package

Manager: composer
Name: elefant/cms
Vulnerable Version: >=0 <1.3.13

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00228 pctl0.45451

Details

Cross site scripting in Elefant CMS A vulnerability classified as problematic was found in Elefant CMS 1.3.12-RC. Affected by this vulnerability is an unknown functionality of the component Version Comparison. The manipulation leads to basic cross site scripting (Persistent). The attack can be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

Metadata

Created: 2022-06-21T00:00:48Z
Modified: 2022-06-29T22:42:13Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-5hfm-g799-wjw6/GHSA-5hfm-g799-wjw6.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-5hfm-g799-wjw6
Finding: F425
Auto approve: 1